Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[gentoo-announce] [ GLSA 200910-03 ] Adobe Reader: Multiple vulnerabilities

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Gentoo Linux Security Advisory GLSA 200910-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

http://security.gentoo.org/

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Severity: Normal

Title: Adobe Reader: Multiple vulnerabilities

Date: October 25, 2009

Bugs: #289016

ID: 200910-03

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis

========

 

Multiple vulnerabilities in Adobe Reader might result in the execution

of arbitrary code, or other attacks.

 

Background

==========

 

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF

reader.

 

Affected packages

=================

 

-------------------------------------------------------------------

Package / Vulnerable / Unaffected

-------------------------------------------------------------------

1 app-text/acroread < 9.2 >= 9.2

 

Description

===========

 

Multiple vulnerabilities were discovered in Adobe Reader. For further

information please consult the CVE entries and the Adobe Security

Bulletin referenced below.

 

Impact

======

 

A remote attacker might entice a user to open a specially crafted PDF

file, possibly resulting in the execution of arbitrary code with the

privileges of the user running the application, Denial of Service, the

creation of arbitrary files on the victim's system, "Trust Manager"

bypass, or social engineering attacks.

 

Workaround

==========

 

There is no known workaround at this time.

 

Resolution

==========

 

All Adobe Reader users should upgrade to the latest version:

 

# emerge --sync

# emerge --ask --oneshot --verbose =app-text/acroread-9.2

 

References

==========

 

[ 1 ] APSB09-15

http://www.adobe.com/support/security/bulletins/apsb09-15.html

[ 2 ] CVE-2007-0045

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045

[ 3 ] CVE-2007-0048

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048

[ 4 ] CVE-2009-2979

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979

[ 5 ] CVE-2009-2980

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980

[ 6 ] CVE-2009-2981

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981

[ 7 ] CVE-2009-2982

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982

[ 8 ] CVE-2009-2983

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983

[ 9 ] CVE-2009-2985

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985

[ 10 ] CVE-2009-2986

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986

[ 11 ] CVE-2009-2988

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988

[ 12 ] CVE-2009-2990

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990

[ 13 ] CVE-2009-2991

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991

[ 14 ] CVE-2009-2993

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993

[ 15 ] CVE-2009-2994

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994

[ 16 ] CVE-2009-2996

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996

[ 17 ] CVE-2009-2997

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997

[ 18 ] CVE-2009-2998

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998

[ 19 ] CVE-2009-3431

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431

[ 20 ] CVE-2009-3458

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458

[ 21 ] CVE-2009-3459

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459

[ 22 ] CVE-2009-3462

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462

 

Availability

============

 

This GLSA and any updates to it are available for viewing at

the Gentoo Security Website:

 

http://security.gentoo.org/glsa/glsa-200910-03.xml

 

Concerns?

=========

 

Security is a primary focus of Gentoo Linux and ensuring the

confidentiality and security of our users machines is of utmost

importance to us. Any security concerns should be addressed to

security ( -at -) gentoo.org or alternatively, you may file a bug at

https://bugs.gentoo.org.

 

License

=======

 

Copyright 2009 Gentoo Foundation, Inc; referenced text

belongs to its owner(s).

 

The contents of this document are licensed under the

Creative Commons - Attribution / Share Alike license.

 

http://creativecommons.org/licenses/by-sa/2.5

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×